The Azure AD Integration allows system administrators to synchronize your users from your Azure active directory into the archive system. This feature is mainly designed to minimize the administration of users across multiple systems. Once the integration is established, users from your Azure active directory will be synchronized with the archive system.

Give the application a name that will identify it within your Azure management portal and select 'web application and/or web API'

Enter the Sign-on URL and App ID URI provided in step 1 of setting up a new directory sync from within the archive system.

Set the permissions for the newly registered application

Once you have added the archiving application to your Azure management portal, navigate to the application you just created in the 'App registration' section. Click the 'Required permissions' section and select the 'Windows Azure Active Directory...' API.

Ensure that ONLY 'Read directory data' is selected under BOTH the 'Application permissions' and 'Delegated permissions' sections.

Save these permissions and select 'Grant permissions'

NOTE: The permissions need to be both saved AND granted.
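One way to check the "ONLY 'Read directory data'" requirement from the application manifest rather than by eye. This is an added example, not part of the archive product or of the original article. The function name, the sample manifests and the placeholder permission ID are constructed, and the two GUID constants are assumptions that you should confirm against your own manifest.

```python
import json

# Assumption: resourceAppId of the 'Windows Azure Active Directory' API and the
# id of its 'Read directory data' permission; confirm both in your own manifest.
AAD_GRAPH_APP_ID = "00000002-0000-0000-c000-000000000000"
READ_DIRECTORY_DATA_ID = "5778995a-e1bf-45b8-affa-663a9f3f4d04"
# 'Role' = application permission, 'Scope' = delegated permission.
EXPECTED = {(AAD_GRAPH_APP_ID, READ_DIRECTORY_DATA_ID, "Role"),
            (AAD_GRAPH_APP_ID, READ_DIRECTORY_DATA_ID, "Scope")}


def audit_permissions(manifest_json, expected=EXPECTED):
    """Return (missing, extra) permission tuples for an app manifest."""
    manifest = json.loads(manifest_json)
    requested = set()
    for resource in manifest.get("requiredResourceAccess", []):
        app_id = resource.get("resourceAppId", "").lower()
        for access in resource.get("resourceAccess", []):
            requested.add((app_id, access.get("id", "").lower(),
                           access.get("type", "")))
    return sorted(expected - requested), sorted(requested - expected)


# Constructed sample manifests (not taken from a real tenant).
COMPLIANT = json.dumps({"requiredResourceAccess": [{
    "resourceAppId": AAD_GRAPH_APP_ID,
    "resourceAccess": [{"id": READ_DIRECTORY_DATA_ID, "type": "Role"},
                       {"id": READ_DIRECTORY_DATA_ID, "type": "Scope"}]}]})
# Delegated entry missing, plus one placeholder permission that should not be there.
OVER_PRIVILEGED = json.dumps({"requiredResourceAccess": [{
    "resourceAppId": AAD_GRAPH_APP_ID,
    "resourceAccess": [{"id": READ_DIRECTORY_DATA_ID, "type": "Role"},
                       {"id": "11111111-2222-3333-4444-555555555555", "type": "Role"}]}]})

if __name__ == "__main__":
    for name, doc in (("compliant", COMPLIANT), ("over-privileged", OVER_PRIVILEGED)):
        missing, extra = audit_permissions(doc)
        verdict = "OK" if not (missing or extra) else "REVIEW"
        print(f"{name}: {verdict} missing={missing} extra={extra}")
```

The manifest only reflects permissions that were saved; whether they were also granted still has to be confirmed in the portal.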

Add your Azure credentials to the archive application

Once you have added the archiving application to your Azure management portal and set the appropriate permissions, you'll need to add the credentials for your directory application to the archiving application for a successful sync process. Navigate to the application you just created in the 'App registration' section if you're not already there. Click 'Keys' under 'All settings'.

Provide a description for the key

Select a duration for the key.

Click the 'SAVE' icon.

The Key has now been generated in the Key field. Copy and store the key value.

NOTE: You won't be able to retrieve this key after you leave this page.

You will need this generated key and the Application ID for the application.

Next, you'll need your Directory ID

Your Directory ID can be found in your main Azure Active Directory properties

Enter the Application ID, generated Key, and Directory ID into the specified fields in the archive application

NOTE: It can take up to 60 minutes for the Microsoft systems to fully propagate the application/key pair to allow a successful authentication to your Azure Active Directory.

Enter the Application ID into the 'Client ID' Field

Enter the generated key into the 'Key' Field

Enter the Directory ID into the 'Tenant ID' Field

Map the attributes

Once you've successfully established a connection between Azure and the archive application, you'll be able to map your attributes to the relevant fields.

NOTE: It can take up to 60 minutes for the Microsoft systems to fully propagate the application/key pair to allow a successful authentication to your Azure Active Directory.

Primary email address (this should be the address that users authenticate with), username (which can be the email address if you wish), and name should be mapped to the appropriate fields in your directory. Any additional aliases for the user will be automatically synchronized and associated with the user in the archiving application.

Review and Finish

Lastly, the system will summarize your mapping and confirm the sync frequency. Currently this is a nightly option; as the application evolves, you'll be able to customize this frequency.

Finishing the setup will start an initial sync.

Status and Management

Once integrated, the status of your Active Directory integration can be monitored from within the settings page. Details on the status, last sync, and any conflicts can be reviewed and managed from this page. Any necessary updates to credentials or attribute mappings can also be made there by selecting 'Manage' within the relevant section.

Users in your Azure Active Directory will be automatically created in the archive system. These users will initially be 'disabled' (see the KB article related to Enabling users for more information). Additionally, synchronized users will not be assigned any role in the system. When enabling them, a role will also need to be assigned (see the KB article related to assigning user roles for more information, as this can be done individually or in bulk).

Similarly, users that are deleted from your Azure Active Directory after having been added to the archive system will be disabled on the next sync to ensure their access is restricted.